Re: sygate and shields up

From: Volker Birk (bumens_at_dingens.org)
Date: 09/10/05


Date: 10 Sep 2005 08:15:08 +0200

charlie R <welpctSKIPME@psci.net> wrote:
> When you connect to a website, it has to read your address, or else
> you couldn't view it. Gibson also tells you your machine address when
> you connect to his site. The scanner is a different machine and
> cannot see your address because you are not connected to it, and your
> ports are closed or stealth.

Please first read RFC 792 and try to understand it. Then you'll see
that this is just nonsense. This is not the way the TCP/IP network
family works.

If a host is not there, then you get a message from a router before it:
the message that a packet to this host cannot be routed (ICMP Destination
Unreachable with code 0, net unreachable, or code 1, host unreachable).

If a host is there, and there is only no process listening at the port
you wanted to communicate with, you get a message: ICMP Destination
Unreachable with code 3 or a TCP RST (see RFC 793).

If you're getting nothing, then you know: there definitely _is_ a host:
a Windows box with a protocol-injuring "Personal Firewall" which fools
its user into feeling "stealth".

> The server you are connected to can read
> your IP, and anything else your security settings allow, if it wants
> to.

No. The system you communicate with has your IP address, of course -
you're communicating with it. But it cannot "read ... anything else your
security settings allow". This is just wrong.

> That's why it's important to block Active X, mobile code,
> scripts, java, etc, and keep your Internet Security settings high.

This is monkeyshines. The reason for not using ActiveX is completely
different - it's the design flaws in ActiveX. This has nothing to do
with "mobile code" or "scripts".

> VB will tell you he can get into any machine he wants
> to, despite personal firewalls.

BTW: I never said that.

Please, before you start with polemics, *PLEASE* read the RFCs.
They're in English. You can understand them, if you try.

The RFCs http://www.rfc-editor.org are the official standards of the IETF,
the Internet Engineering Task Force, http://www.ietf.org

Yours,
VB.

-- 
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms".
                                    Harald Schmidt on "World Youth Day"
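
The reply cases described in the post above, as an added example that is not part of the original message: a Python classifier over raw IPv4 reply bytes to a TCP probe. The addresses, ports and sample packets are constructed for illustration, and the function names are hypothetical.

```python
import socket
import struct

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 datagram (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def classify_reply(reply, target):
    """Map what came back from a TCP probe to `target` onto the post's cases."""
    if reply is None:
        # Timeout. No router said "unreachable" and no host said "closed":
        # the post's reading is that a packet filter is dropping the probe.
        return "silently dropped"
    ihl = (reply[0] & 0x0F) * 4              # IPv4 header length in bytes
    if len(reply) < ihl + 8:
        return "unclassified"                # too short to hold ICMP or TCP
    proto, sender, body = reply[9], socket.inet_ntoa(reply[12:16]), reply[ihl:]
    if proto == 1 and body[0] == 3:          # ICMP Destination Unreachable, RFC 792
        if body[1] in (0, 1):                # net / host unreachable, from a router
            return "no host (reported by %s)" % sender
        if body[1] == 3:                     # port unreachable
            return "host up, port closed"
    if proto == 6 and sender == target and len(body) >= 14:   # TCP, RFC 793
        if body[13] & 0x04:                  # RST flag
            return "host up, port closed"
        if (body[13] & 0x12) == 0x12:        # SYN+ACK
            return "host up, port open"
    return "unclassified"

# Constructed sample packets (documentation addresses, not captured traffic).
ME, TARGET, ROUTER = "192.0.2.10", "198.51.100.7", "203.0.113.1"
def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
def unreachable(sender, code, original):
    # ICMP type 3 carries the original IP header plus its first 8 payload bytes
    return ipv4(sender, ME, 1, struct.pack("!BBHI", 3, code, 0, 0) + original[:28])

PROBE = ipv4(ME, TARGET, 6, tcp(40000, 80, 0x02))
SAMPLES = {
    "rst": ipv4(TARGET, ME, 6, tcp(80, 40000, 0x14)),
    "port_unreachable": unreachable(TARGET, 3, PROBE),
    "host_unreachable": unreachable(ROUTER, 1, PROBE),
    "timeout": None,
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", classify_reply(pkt, TARGET))
```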

